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Chapter 1: The Blue Coat SG 8100 



This Installation Guide provides general instructions for installing, configuring, 
and using the Blue Coat SG 8100. The procedures in " Troubleshooting " on 
page 71 can help you verify that your system is installed and operating 
properly. 

Once you have completed the first-time configuration of the SG 8100 and have 
logged in, you should do the following: 

• Upgrade the SG 8100 software by downloading the latest patch release 
(available at http://download.bluecoat.com). 

• Fully configure the appliance. 

To configure the SG 8100, you will need to download the Blue Coat 
ProxySG Configuration and Management Guide Suite, (the CMG) available 
on the Blue Coat Web site at www.bluecoat.com. (Look for WebPozver 
Login under Support.) 

If you log in using an Internet browser, you can access the online Help by 
clicking the Help button on any screen in the Management Console, the graphical 
interface of the SG 8100. Additionally, you can visit the Documentation section 
in the Management Console to view the CMG. 

You can also visit the Blue Coat Web site for the latest support bulletins and 
technical notes. 

In this chapter you will find a list of items shipped with the SG 8100 and an 
overview of the external features of the SG 8100. 
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Unpacking the Blue Coat SG 8100 

When you receive the unit, verify that the following items are contained in the 
shipment: 



• Blue Coat SG 8100 

• Serial Cable 

• Power Cords (2 AC or 3 DC) 

• Grounding wire (with lugs, screws, 
and screw nuts) DC units only 



• Quick Start Guide 

• Disk Drives 

• License and Warranty 



Important: This product is intended for operation and servicing only by 
appropriately trained technical personnel. 

Dieses Produkt wird fur Betrieb vorgehabt und wird nur 
durch passend ausgebildeten technisches Personal 
gewartet 



If any of the items are missing or damaged, e-mail Blue Coat Technical 
Support at support@bluecoat.com. 
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SG 8100 Connection Ports 

The SG 8100 connection ports are located at the back of the unit, including: 

• Four Network Interfaces 

Two integrated 10/100/1000 Mbps on-board ports for high-speed 
connections. 

The SG 8100 is shipped with a Dual GigE Copper card installed in the 
expansion slot labeled 2. This card has two 10/100/1000 Mbps ports for 
high-speed connections. 

• Serial console port 

The serial console port connects to a PC, serial terminal, or stand-alone 
serial console box. 

• Four upgrade slots for additional network and add-in cards. 

Slots 2 and 3 accept Dual or Quad GigE Copper or Fiber LX cards and 
slots 4 and 5 accept SSL Accelerator cards. 

• Two USB ports 

• AC or DC power supplies 
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The SG 8100 comes with two AC or three DC hot-swappable power 
supplies. 

2 upgrade slots (for optional SSL 
Accelerator cards 
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2 Gigabit 2 upgrade slots (for Hot-swappable power 
(1 000 Mbps) optional Dual/Quad supplies (2 AC power 
Ethernet ports Fiber/copper LX supplies shown) 
cards 



Figure 1 -1 : Connection Ports at the Back of the SG 81 00 

SG 8100 Front Panel 

The SG 8100 front panel contains buttons and displays that allow you to: 

• Power the SG 8100 on and off. 

• View network, disk drive, and system status. 

• Configure basic network settings. 

Using the front panel LCD and buttons is the quickest method for setting 
the SG 8100 initial network configuration and connecting it to the 
network. See " Using the Front Panel to Configure Basic Network Settings" on 
page 32. 

• Install or hot-swap disk drives. 

For information about installing disk drives for the first time, see " Initial 
Installation of the Disk Drives" on page 18. For information about 
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hot-swapping disk drives (replacing a disk drive without powering off), 

see “Hot-Swapping a Disk Drive" on page 61. 

The front panel LED status indicators and the LCD are visible when the front 
panel is closed, as shown in Figure 1-2. 



LEDs LCD 




Figure 1-2: Front of the SG 8100 
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When the front panel is open, as shown in Figure 1-3, the power button, the 
control buttons, and the disk-drive bays are visible. 

Power button Control buttons 



Disk 

drive 

bays 



Figure 1-3: The SG 8100 with the Front Panel Open 
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Chapter 2: Installing the SG 8100 



This chapter describes how to mount, assemble, and power on the Blue Coat 
SG 8100, and how the front panel LEDs indicate the system status. 

Installing the SG 8100 into an Equipment Rack 

Rack-Mounting Safety Instructions 

• Verify that the rack is rated to support the installed equipment. 

• Ensure that the weight of the SG 8100 is distributed properly. 

• Ensure that the rack allows sufficient space to provide adequate air 
circulation. Allow a minimum three-inch (7.6 cm) clearance in front of and 
behind the SG 8100. 



Note: A Blue Coat SG 8100 unit weighs up to 82 pounds (37 kg), 

depending on the model. Blue Coat recommends that you install 
the SG 81 00 into an equipment rack with a shelf, using the front 
rack-mounting brackets to fasten the unit to the equipment rack. 



• Elevated Operating Ambient — If installed in a closed or multi-unit rack 
assembly, the operating ambient temperature of the rack environment 
may be greater than room ambient. Therefore, consideration should be 
given to installing the equipment in an environment compatible with the 
maximum ambient temperature (Tma) specified by the manufacturer. 

• Reduced Air Flow - Installation of the equipment in a rack should be such 
that the amount of air flow required for safe operation of the equipment is 
not compromised. 

• Mechanical Loading — Mounting of the equipment in the rack should be 
such that a hazardous condition is not achieved due to uneven 
mechanical loading. 

• Circuit Overloading — Consideration should be given to the connection of 
the equipment to the supply circuit and the effect that overloading of the 
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circuits might have on overcurrent protection and supply wiring. 
Appropriate consideration of equipment nameplate ratings should be 
used when addressing this concern. 

• Earthing (Grounding) — Reliable earthing of rack-mounted equipment 
should be maintained. Particular attention should be given to supply 
connections other than direct connections to the branch circuit (for 
example, use of power strips). 
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Install the SG 8100 into an Equipment Rack with a Shelf 

1 To install the SG 8100 into an equipment rack with a shelf 
(recommended), slide the unit into the shelf until the front rack-mounting 
brackets are flush with the equipment rack (you might need to remove 
the middle rack-mounting brackets first). 

2 Use four equipment-rack screws (two on each side) to securely fasten the 
SG 8100 to the equipment rack. 




Figure 2-1 : SG 81 00 Installed in an Equipment Rack with a Shelf 
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Install the SG 8100 into an Equipment Rack without a Shelf 



Important: Use an equipment-lift or two people to install the SG 8100 
into an equipment rack without a shelf. 



1 To install the SG 8100 free-standing into an equipment rack (without a 
shelf), use an equipment-lift or another person to position the unit so that 
the front or middle rack-mounting brackets are flush with the equipment 
rack. 




Figure 2-2: Positioning the SG 8100 into an Equipment Rack with a Lift 




Figure 2-3: SG 8100 Installed in an Equipment Rack without a Shelf 
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Attaching the Cables 



Note: International power cords are available. If included, the cords are 
shipped with the SG 8100 along with the North American power 
cords. 



1 Attach the network connection to Adapter 0, Interface 0. This connects the 
network to the interface configured via the LCD (see ''Overview of 
First-Time Configuration" on page 27). 

2 Attach the serial cable that came with the Proxy SG to the serial port 
connection, if necessary. 

The serial cable allows you to hook up to a PC, a serial terminal, or a 
standalone serial console box to configure and manage the SG 8100. 



Attach the 
serial cable 




Attach to 
Port 0:0 



Figure 2-4: Attach the Serial Cable and Network Connection 
3 Attach the power cords: 







For an AC-powered SG 8100, attach the two AC power cords as 
shown in Figure 2-5; connect the cords to an AC power source. 



Attach the 
power cords (2 
AC power 
supplies shown) 



Figure 2-5: Attach the Power Cords 
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For a DC-powered SG 8100, complete the following steps: 







WARNING! 



You must connect the grounding wire included with the SG 8100 
from the DC power supply to an electrically neutral ground 
before connecting the DC power cords. You must also use a 20A 
circuit breaker to connect to your DC power source as an 
over-current protection device. 



a. Connect the DC grounding wire (minimum A WG 8 rating) to the 
ground terminal on the side of the ProxySG DC power supply 
(use the screws and nuts provided); attach the other end to the 
chassis of your DC power source or to another electrically neutral 
ground. 




Connect the 
grounding wire to 
the ground terminal 



Figure 2-6: DC Power Supply Grounding Terminal 
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b. Connect the DC power connectors to the SG 8100 DC power 
supply (you need to connect at least two of the three power 
supplies to a DC power source). 




Connect at least two of the 
three DC power connectors to 
the SG 8100 DC power supply 



Figure 2-7: Hot-Swappable DC Power Supply 




WARNING! 



If you use the cables supplied by Blue Coat to reconnect the 
DC power connections to a DC power source, ALWAYS 
connect the yellow DC power cord to a negative DC outlet, 
and connect the black DC power cord to a positive DC outlet. 



ALWAYS plug the 




yellow cord to a 
negative outlet 

► 



► 

ALWAYS plug 
the black cord to 
a positive outlet 




C. Connect the DC power connections to a DC power source. 
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Opening the Front Panel 

Open the front panel to access the power and control buttons, and to insert or 
remove disk drives. 

• To open the front panel, use the two bezel tabs on each side of the front 
panel to open the front panel and pull it forward and down. 




Figure 2-8: Open the Front Panel 

Initial Installation of the Disk Drives 

Complete the following procedure to do a first-time installation of the disk 
drives that shipped with the SG 8100. For instructions about hot-swapping a 
disk drive (replacing a disk drive without powering off the unit), see 

“Hot-Swapping a Disk Drive " on page 61. 

1 Open the front panel and power off the SG 8100, if necessary (check that 
the Power LED is off). 
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2 Remove the disk drives from the shipping container and prepare each for 

insertion into the drive bays, as follows: 

• The drive bays are numbered from 1 to 8, starting from the left; insert 
the drives from left to right, always starting with drive bay 1. 

• When you insert a disk drive, the disk lever (the black latch) must be 
on top. 

• The left edge of the disk-drive container must align with both the 
plastic guide rail at the bottom of the disk drive bay and the metal 
guide rail at the top. 

• Insert disk drives carefully to avoid damaging the SCSI connectors. 



Disk lever 



Align this 
edge with the 
lower drive 
bay guide rail 




Align this 
edge with the 
upper drive 
bay guide rail 



Metal 
guide rail 



Plastic 
guide rail 




Figure 2-9: Insert Disk Drives Starting with Drive Bay 1 
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3 To insert a disk drive, hold the disk lever up, align the disk drive with the 
drive bay guide rails, and gently push the disk drive into the drive bay 
Push the disk drive as far back as possible to ensure a complete 
connection. 




Figure 2-10: Inserting a Disk by Sliding Inside Upper and Lower Guide Rails 



4 When the disk lever meets the ProxySG frame, push the lever down 
slowly until the lever locks in place. 



Push the 
disk lever _ 
down slowly 




Figure 2-1 1 : Locking a Disk Drive into Place 
5 Repeat Steps 2 through 4 as necessary until each disk drive is installed. 
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Powering the SG 8100 On and Off 

Follow this procedure to power on or power off the ProxySG. 

1 Open the front panel of the SG 8100 and press the power button. 



Power button Power LED 




Figure 2-12: Press the Power Button to Power On or Power Off the SG 8100 



2 Verify that the SG 8100 has powered on or off successfully 
• Successful Power On: 

The Power LED is green and the LCD displays "Blue Coat" when the 
SG 8100 first powers on. 

After one or two minutes, the System LED is green and the LCD 
displays "IP address not configured" (if a first-time configuration has 
not been done) or it cycles between CPU utilization and proxied 
traffic statistics. The LEDs corresponding to all installed and 
functioning disk drives are green, and the corresponding LAN LED is 
lit for all connected network interfaces. Figure 2-13 shows an example 
of a successful power on; different network and disk drive 
configurations may not look the same. 

LAN LED System LED 





a ' 0 ' A 


Disk 


6 • 


Drive 


2345678 


LED 






rs T6 



Figure 2-13: Example of a Successful Power On 
• Successful Power Off: 

The LCD and LEDs go off when the SG 8100 powers off. 
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3 Close the front panel. 



Checking Status with the Front Panel LEDs 



The front panel LEDs indicate the status of the ProxySG. 



1 Power 2 LAN i System 

LED LEDs Warning LED 
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Figure 2-14: Front Panel LEDs 



8 Disk 

Drive 

LEDs 



Table 2.1 describes the appearance and meaning of LED colors and flash rates. 



Table 2.1 : Front Panel LED Connection and Activity Status 



Front Panel 
LEDs 



Description 



Power The Power LED indicates if power is being supplied to the 

SG 8100. 

• If the SG 8100 is powered on and configured, the Power 
LED is green. 

• If the SG 8100 is powered on and not configured, the 
Power LED will blink from green to amber. 

• If the SG 8100 is without power, the Power LED is off. 
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Table 2.1 : Front Panel LED Connection and Activity Status 



LAN 



Front Panel 
LEDs 



The two LAN LEDs indicate network connection status for 

Adapter 0 (Interfaces 0 and 1). 

• If a network link is not established for a particular 
adapter / interface, the LAN LED is off. 

• If a network link is established for a particular 
adapter /interface, but no activity is detected, the LAN 
LED colors are as follows: 

• 10 Mbps: Solid orange 

• 100 Mbps: Solid blue 

• 1000 Mbps connection: Solid purple 

• If a network link is established for a particular 
adapter/interface and activity is detected, the LAN 
LED colors are as follows: 

• 10 Mbps: Flashes orange 

• 100 Mbps: Flashes blue 

• 1000 Mbps: Flashes pink 

Description 



System Warning The System Warning LED indicates if the system has a 

malfunction. 

• If this LED is off, there is no status on the health of SG 
8100. 

• If the SG 8100 is operating normally, the System 
Warning LED is solid green. 

• If a system warning occurs, the System Warning LED is 
solid amber. 

• If a serious problem requiring immediate attention 
occurs, the System Warning LED flashes amber. 



If the System Warning LED is solid or flashing amber, see 
"System Warning LED Indicates System Malfunction " on 
page 71 for information about detecting the problem. 
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Table 2.1 : Front Panel LED Connection and Activity Status 



Disk Drive The Disk Drive LEDs indicate the connection and activity 

status of the corresponding disk drives. 

• If a disk drive is not connected, the corresponding Disk 
Drive LED is off. 

• If a disk drive is connected, but no activity is detected, 
the corresponding Disk Drive LED is solid green. 

• If a disk drive is connected and activity is detected, the 
corresponding Disk Drive LED is either solid amber or 
flashes between green and amber at an irregular 
interval. 

• If a disk drive is connected but is not functioning (either 
because it has been taken offline or is faulty), the 
corresponding Disk Drive LED flashes from green to 
amber at a regular interval. A Disk Drive LED that flashes 
amber at a regular interval indicates a drive that can be 
removed. 
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Checking LAN Activity with Back Panel LEDs 



You can also check LAN activity from the back of the SG 8100, at the site of 
the Gigabit Ethernet ports. Figure 2-15 shows two LAN connectors — one at 
Adapter 0, Interface 0 (on the left), and one at Adapter 1, Interface 0 (on the 
right). 




LAN connector 
LEDs 



Figure 2-15: LAN Connection Port LEDs at the Back of the SG 81 00 

Table 2.2 describes the appearance and meaning of the LAN Connection Port 
LED colors and flash rates. 



Note: If no link is established, the connection port LED will be off. 



Table 2.2: Connection Port LED Activity Status 





Link established; 
no activity detected 


Link established; 
activity detected 


Adapter 0 Connections 






(Interface 0 and 1) 






10 Mbps 


solid green 


flashing green 


100 Mbps 


solid yellow 


flashing yellow 


1000 Mbps 


solid orange 


flashing orange 
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Chapter 3: First-Time Configuration 



The Blue Coat SG 8100 requires a first-time configuration prior to use. 

Once you have completed first-time configuration, refer to the Blue Coat 
ProxySG Configuration and Management Guide Siute, available from the Blue 
Coat Web site at www.bluecoat.com. for information on how to fully 
configure the SG 8100 to best meet your needs. 

Overview of First-Time Configuration 

There are two ways to do the first-time configuration: 

• Use the SG 8100 front-panel LCD and buttons. 

• Use a direct connection between the SG 8100 and either a standalone 
serial terminal or a PC with an available serial (COM) port. 

Both of these methods allow you to make the basic network settings required 
to test the SG 8100 connection and functionality. After completing the 
first-time configuration, you must log in to the SG 8100 and use the 
command-line interface (CLI) or Management Console Web interface to fully 
configure the appliance. First-time configuration is designed only to get you 
up and running for testing purposes. 
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Configuring the SG 8100 with the Front Panel 

Using the front panel control buttons and LCD is the quickest and easiest way 
to do a first-time configuration. Figure 3-1 shows the front panel LCD and 
control buttons. 



LQD Up/Down Arrow buttons 





fUl) — 


configured 


© © 


1 



Menu 

button 

Enter 

button 



Figure 3-1 : Front Panel LCD and Control Buttons 



Use the LCD and control buttons to set the basic networking parameters and 
monitor the SG 8100. 



LCD Behavior 

The default behavior of the front-panel LCD is to turn off after 30 seconds. 
The front-panel LCD behavior is configurable; see "Configuring the Front-Panel 
LCD Behavior " on page 58 for information. 

To Relight the Front-Panel LCD: 

• If the SG 8100 is powered on, but the front-panel LCD is dim, press any 
front-panel control button (see Figure 3-1) to relight the LCD. 

After the LCD relights, the front-panel control buttons return to normal 
behavior. 
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Modes and the LCD 

The SG 8100 has three modes, which can be viewed in the LCD. 



Status Mode The default mode. Before the SG 8100 is configured, the LCD 
in Status mode displays "IP address not configured." After 
initial configuration, the LCD in Status mode displays CPU 
utilization and proxied traffic statistics. 

In Status mode, there is no cursor in the LCD. 

IP address 
not configured 



Proxied Traffic: 

23 kbps 

Configuration From Status mode, push the Enter button to go to 
Mode Configuration mode. In Configuration mode, you can use the 

Up and Down arrow buttons to cycle the LCD through the six 
networking parameters (IP Address, Subnet mask. Gateway 
address, DNS address. Console Password, and Enable 
Password). 

In Configuration mode, the cursor is an underscore in the 
LCD. 

IP address : 

010.025.036.047 

i 

l 
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Edit Mode From Configuration mode, use the Up or Down arrow button 
until the parameter you want to configure is displayed, then 
press the Enter button to go to Edit mode for that parameter 
(for a first-time configuration, you must begin with the first 
displayed parameter — IP address). 

To configure the parameter, use the Left and Right arrow 
buttons to position the cursor over a character you want to 
change, then use the Up and Down arrow buttons to cycle 
through the characters. When the parameter is configured 
correctly, press the Enter button to save the setting and return 
to Configuration mode. 



Note: The SG 8100 automatically exits Edit mode, 

without saving parameter configurations, if no 
activity is detected for 20 seconds. 



In Edit mode, the cursor is a blinking box in the LCD. 

IP address : 

011.025.036.047 

t 
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The Control Buttons 



This section explains how to use the front panel control buttons to add 
configuration settings. 

The buttons work as follows: 



Enter Button When you push the Enter button in Status mode, the SG 
8100 enters Configuration mode. In Configuration 
mode, one of the six configurable parameters displays in 
the LCD (starting with IP address). 

When you push the Enter button in Configuration mode, 
the SG 8100 enters Edit mode for the parameter 
displayed. 



When you push the Enter button in Edit mode, the SG 
8100 saves any changes you made to the parameter 
displayed and returns to Configuration mode. 

Menu Button 

MENU 



The Menu button functions like an Escape key. When 
you push the Menu button in Edit mode, the SG 8100 
returns to Configuration mode, cancelling any changes 
you made to the parameter displayed. 



When you push the Menu button in Configuration 
mode, the SG 8100 returns to Status mode. Any changes 
you made while in Edit mode have already been saved, 
and are not affected when you push the Menu button in 
Configuration mode. 



Left and Right Arrow 
Buttons 



When you push the Left and Right arrow buttons in Edit 
mode, the cursor moves back and forth over the 
configurable settings of the parameter displayed. 



Up and Down Arrow 
Buttons 

A 




When you push the Up and Down arrow buttons in 
Configuration mode, the SG 8100 cycles through the six 
configurable parameters. 

When you push the Up and Down arrow buttons in Edit 
mode, the SG 8100 cycles through the characters 
available for the selected setting of the parameter (the 
selected setting is the character that the cursor is over 
when you push the arrow buttons). 
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Using the Front Panel to Configure Basic Network Settings 

Use the front-panel components of the SG 8100 to do a quick first-time 
configuration of the following networking parameters on Adapter 0: 



• IP address 

• Gateway address 

• Console password 



• Subnet mask 

• DNS address 

• Enable password 



Important: A default username (admin) is already set on the SG 8100. 
A unique console and enable password are generated 
automatically. You can configure the passwords now, or 
write down the auto-generated passwords and use them to 
log in, changing them later. The enable password is not 
required if you log in using a browser. 



1 When the LCD reads "IP address not configured," press the Enter button 
to enter Configure mode. 

The IP address parameter appears in the LCD, and the cursor appears as 
an underscore. 

2 Press the Enter button again to enter Edit mode. 

The cursor changes to a blinking box. 

3 Press the Left or Right arrow buttons to position the cursor over the 
characters you want to change; press the Up or Down arrow buttons to 
change them. 

4 When you have all the characters of the parameter entered correctly, press 
the Enter button to save the changes and return to Configure mode. 

5 Press the Down arrow button to move to the next parameter; press the 
Enter button to enter Edit mode. 
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6 Repeat Steps 3 through 5 for the Subnet mask. Gateway address, and DNS 
address parameters. When the LCD reads, "Console password: Push to 
set," go to Step 7. 

7 Press the Enter button to enter Edit mode (if necessary) and complete one 
of the following two steps: 

• To configure the password later (after you log in), write down the 
auto-generated password and press the Enter button to return to 
Configure mode. 

• To configure the password now, follow Steps 3 and 4. 

8 Push the Down arrow button to move to the enable password parameter; 
repeat Step 7 for the enable password. 

The LCD will display "Enable password: Push to configure" when you 
are back in Configuration mode. Do not push the Enter button again, or a 
new auto-generated enable password will be created (if that happens, 
repeat Step 7). 

9 Push the Down arrow button to move to the secure serial port parameter. 

Selecting Yes to secure the serial port means that you will be challenged 
for the administrative username/password when accessing the serial 
console and will be challenged for the setup password when accessing the 
setup console. 

To restrict access to the front panel, configure the front panel PIN from the 
CLI after initial setup is complete (see " Configuring a Front-Panel PIN " on 
page 57). 

10 Press the Enter button to enter Edit mode (if necessary) and follow Steps 3 
and 4 to secure the serial port. 

11 Press the Menu button to return to Status mode. 

Initial network configuration is now complete. The LCD cycles between 
CPU utilization and proxied traffic statistics. 
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Configuring the SG 8100 Using a Direct Serial Port 
Connection 

If your ProxySG is running 4.2.x or higher, use the following procedure to 
configure it with a direct serial port connection. 

Use a standalone serial terminal or a PC and use the SG 8100 command-line 
interface (CLI) to do a first-time configuration of the following basic network 
information: 



• IP address 

• IP gateway address 

• Console username 

• Enable password 



• IP subnet mask 

• DNS server 

• Console password 

• Serial port password (optional) 



In addition, you can optionally configure a bridge, a forwarding host, or you 
can restrict access to the SG 8100 to a particular IP address or addresses. 



PC Note: If the PC is using standard serial port settings, you should 

have a problem-free connection. You can run into problems, 
for example, if there are non-standard PC serial port settings. 



Do the following procedure by reading on-screen material and entering data 
where necessary. The on-screen instructions display as five separate pages. In 
the procedure below, places that require you to enter data show example 
entries in bold text. 

1 Power on and connect the serial terminal or PC as described below (the 
SG 8100 must be powered off): 

Serial terminal: Connect the terminal's serial cable to the ProxySG's serial 
console port; start the terminal and verify that it is set as described below. 

PC: Connect the serial cable that came with the ProxySG to a serial port 
on the PC and to the ProxySG's serial console port; start the PC, open a 
terminal emulator (such as HyperTerminal), and connect to the serial port 
to which you attached the cable. Create and name a new connection 
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(either a COM or TCP/IP), and verify that the port is set using the 
parameters below: 



• Baud rate: 9600 bps 

• Parity: none 

• Flow control: none 



• Stop bits: 1 

• Smooth-scroll: disabled 



• Data bits: 8 



• Emulation: VT 100 

If you have set flow control to none, and if you have smooth-scroll as an 
option in your terminal settings, you can disable smooth-scroll in your 
terminal settings to reduce the chance of losing output. 

2 Power on the ProxySG and wait for the system to finish booting. 

The following configuration alert displays: 

•k-k-k-k-k-k-k-k-k-k-k'k'k-k-k-k'k'k-k QONF X CURAT" I ON AXjERT 

System startup cannot continue for one of these 
reasons : 

(a) Need at least one adapter (or bridge) configured 
with an IP address and subnet. 

(b) Need the console password and enable password. 
********** SYSTEM STARTUP TEMPORARILY SUSPENDED ********* 
Press "enter" three times to activate the serial console 

Figure 3-2: Initial Setup — Configuration Alert 

3 Press the computer keyboard <Enter> key three times. 

When the Welcome to the ProxySG Appliance Setup Console 

prompt appears, the system is ready for the first-time network 
configuration. 

Five screens will display, one at a time, as shown in the following steps. 
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4 On page 1, indicate whether you want to configure a bridge; enter an 
interface number, and enter the values as indicated for the four network 
settings. 



Note: If you enter yes, to configure a bridge, you must also 

configure at least one bridge port and associate a network 
interface with it. 



Welcome to the ProxySG Appliance Setup Console 

(page 1 of 5) 

Press <ESC> at any time to return to the main menu 
DIRECTIONS : 

This setup console is used to assign IP addresses to 
the ProxySG Appliance. After assigning the IP addresses 
you can connect to the command line interface or Web 
interface to perform additional management tasks. 

If you have a pass through card, you can configure it by 
using the bridge name passthru-<slot number> . For 
example if the pass through card is at slot 2, the 
bridge name would be passthru-2. 

In order to create a new bridge, you would have to 

1. assign a name to the bridge 

2. associate one or more interfaces to the bridge 
Configure bridge? Y/N [No] No 

Enter interface number to configure [0:0] : 

IP address [0.0. 0.0]: 10.25.36.47 
IP subnet mask [0.0. 0.0]: 255.255.255.0 
IP gateway [0.0. 0.0]: 10.25.36.1 
DNS server [0.0. 0.0]: 101.52.23.101 

You have entered the following IP addresses: 

IP address: 10.25.36.47 
IP subnet mask: 255.255.255.0 
IP gateway: 10.25.36.1 
DNS server: 101.52.23.101 

Would you like to change any of them? Y/N [No] No 

Figure 3-3: Initial Setup — Page One 
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5 On page 2, enter a console username and a console and enable password. 
A default username (admin) is already in place — you can change it here. 

Usernames and passwords can each be from 1 to 64 characters in length, 
and that passwords that contain special characters (such as an 
exclamation point) must be in quotes. 

(pag e 2 of 5) 

Press <ESC> at any time to return to the main menu 

DIRECTIONS : 

The console username, password and enable password are 
special administrative credentials which can be used to 
log in to the command line interface or web management 
interface . 

WARNING - The console password and enable password are 
not defined. 

The system cannot start up until these are defined. 

You must configure the console user account now. 

Enter console username: namel23 
Enter console password: "******'' 

Verify console password: "***•***" 

Enter enable password: "*****•*" 

Verify enable password: "******'' 



Figure 3-4: Initial Setup — Page Two 

6 (Optional) For maximum security, secure the serial port. 

The serial port allows you to configure and access the SG 8100 using a 
serial cable. This can pose a security risk because anyone with access to 
the appliance can reconfigure the SG 8100 settings. This optional step sets 
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a password on the serial console setup, allowing only authorized 
personnel the ability to reconfigure the appliance. 

Do you want to secure the serial port? Y/N [Yes] Yes 
Enter setup password: "*•*****" 

Verify setup password: "**•****" 

WARNING: 

If you continue and enable the secure serial port it 
will not be possible to enter the setup console 
without the setup password. If the setup password is 
lost, assistance from Blue Coat Systems will be 
required and all system configuration may be lost. 
It is recommended that this password be stored in a 
physically secure location. Access to the CLI on the 
serial port will challenge for credentials. 

To enable the secure serial port, re-enter the setup 
password: "★*****" 

Figure 3-5: Initial Setup — Secure the Serial Port (Optional) 

7 (Optional) On page 3, you can restrict access to the SG 8100. 



Note: For maximum security, you should restrict physical access 
to the SG 8100. 

After initial configuration, you can change the workstation 
restriction settings through the security commands in the 
CLI or the Console Access tab in the Management Console 
You can add or remove IP addresses or you can enable or 
disable workstation restrictions. For details, refer to the 
“Security and Authentication” chapter in the Blue Coat 
ProxySG Configuration and Management Guide Suite. 
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(pggg 3 Q f 5) 

Press <ESC> at any time to return to the main menu 
DIRECTIONS : 

The console username and password are special: they can 
be used to log in to the CLI or Web Management 
interface even in circumstances where this is denied by 
VPM or CPL policy. This makes the console account 
useful in emergencies, as a way to log in when policy 
is broken, but it may also create a security hole. 

To close the security hole, we recommend that you 
restrict the use of the console account to specific 
workstations, identified by their IP address. 

This dialog allows you to add one IP address to the 
list of workstations that are authorized to use the 
console account. (This same list is also used to 
restrict which workstations can use SSH with RSA 
authentication.) Additional workstations may be 
configured later, from the command line interface or 
the Web interface. 

WARNING: The console account can currently be used to 
log in from any workstation. 

Would you like to restrict access to an authorized 
workstation? Y/N [Yes] Yes 

Authorized workstation [ 0 . 0 . 0 . 0 ] : 10 . 2 . 33 . 1 

Figure 3-6: Initial Setup — Page Three 

8 On page 4, press <Enter> or type No if you do not want to enter a 
forwarding host at this time, or type Yes to enter a forwarding host. 
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If you type Yes, you must also provide a host alias and a host name or IP 
address. 

(page 4 of 5) 

Press <ESC> at any time to return to the main menu 
DIRECTIONS : 

This setup console is used to configure a proxy 
forwarding host as the forwarding default (a one member 
default fail-over sequence) . After assigning a host 
alias and the host name you can connect to the command 
line interface to perform additional management tasks. 

Would you like to setup the forwarding host now? Y/N [No] 



Figure 3-7: Initial Setup — Page Four 

Page 5 displays. This page explains how to access the SG 8100 from an 
SSH Client or with a Web browser (see " Logging on to the SG 8100 " on 
lage 52 for more information). 

(page 5 of 5) 

DIRECTIONS : 

The ProxySG Appliance has been successfully configured 
to use IP address: "10.25.36.47" 

You can connect to the command line interface or Web 
interface to perform additional management tasks. 

To connect to the command line interface, open the 
following location from your SSH application: 
10.25.36.47 

To connect to the Web management interface, go to the 
following location with your web browser: 
https:// 10. 25. 3 6. 47: 8082/ 

CONFIGURATION COMPLETE 

Press "enter" three times to activate the serial console 



Figure 3-8: Initial Setup — Page Five 

9 To log in to the serial console right away, press <Enter> three times. 



40 



Blue Coat SG 8100 



A menu displays offering two choices: 

1) Command Line Interface 

2) Setup Console 

10 Enter 1 to select the CLI (see " Logging on to the SG 8100 CLI” on page 54 
for information about using the SG 8100 CLI). To access the SG 8100 
Management Console, enter the following address into your Web 
browser: 

https : // appliance_IP : 8082/ 

where appliance_iP is the IP address that you configured for this SG 
8100 in Step 4. 

See " Logging on to the SG 8100" on page 52 for more information about 
accessing the SG 8100. 



Configuring the SG 8100 Running 5.x or Higher 
Using a Direct Serial Port Connection 

If your ProxySG is running 5.x or higher, use the following procedure to 
configure it with a direct serial port connection. 

Use a standalone serial terminal or a PC and the ProxySG command-line 
interface (CLI) to perform a first-time configuration of the following basic 
network information: 



• IP address 

• IP gateway address 

• Console username 

• Enable password 



• IP subnet mask 

• DNS server 

• Console password 

• Serial port password (optional) 



PC Note: If the PC is using standard serial port settings, you should 

have a problem-free connection. Problems can occur if there 
are non-standard PC serial port settings. 



Do the procedure by reading on-screen material and entering data where 
necessary. The on-screen instructions display as five separate pages. In the 
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procedure below, places that require you to enter data show example entries 
in bold text. 

Five screens display, one at a time, as shown in the following steps. 

1 Power on and connect the serial terminal or PC as described below (the 
ProxySG must be powered off): 

Serial terminal: Connect the terminal's serial cable to the ProxySG's serial 
console port; start the terminal and verify that it is set using the 
parameters described below. 

1 PC: Connect a serial cable to a serial port on the PC and to the ProxySG's 
serial console port; start the PC, open a terminal emulator (such as 
HyperTerminal), and connect to the serial port to which you attached the 
cable. Create and name a new connection (either a COM or TCP/IP), and 
verify that the port is set using the parameters described below. 

• Baud rate: 9600 bps • Data bits: 8 

• Parity: none • Stop bits: 1 

• Flow control: none • Smooth-scroll: disabled 

• Emulation: VT 100 

If you have set flow control to none, and if you have smooth-scroll as an 
option in your terminal settings, disable smooth-scroll in your terminal 
settings to reduce the chance of losing output. 

2 Power on the ProxySG and wait for the system to finish booting. 

The following configuration alert displays: 

■k-k-k-k-k-k-k-k-kic-k-k-k-k-k-k-k-k-k CONFIGURATION ALERT 'k'k-k-k-k-k-k-k-k'k'k'k'k'k'k'k'k'k 

System startup cannot continue for one of these 
reasons : 

(a) Need at least one adapter (or bridge) configured 
with an IP address and subnet . 

(b) Need the console password and enable password. 
********** SYSTEM STARTUP TEMPORARILY SUSPENDED ********* 
Press "enter" three times to activate the serial console 

Figure 3-9: Initial Setup — Configuration Alert 
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3 Press <Enter> three times. 



When the Welcome to the ProxySG Appliance Setup Console 

prompt appears, the system is ready for the first-time network 
configuration. 

4 On page 1, enter the interface number, IP address, IP subnet mask, IP 
gateway, and DNS server parameters. 



Welcome to the ProxySG Appliance Setup Console 

(page 1 of 5) 

Press <ESC> at any time to return to the main menu 
DIRECTIONS : 

This setup console is used to assign IP addresses to 
the ProxySG Appliance. After assigning the IP 
addresses you can connect to the command line 
interface or Web interface to perform additional 
management tasks. 

Enter interface number to configure [0:0] : 

IP address [0.0. 0.0]: 10.25.36.47 

IP subnet mask [255.255.255.0]: 255.255.255.0 

IP gateway [0.0. 0.0]: 10.25.36.1 

DNS server [0.0. 0.0]: 101.52.23.100 

You have entered the following IP addresses: 

IP address: 10.25.36.47 
IP subnet mask: 255.255.255.0 
IP gateway: 10.25.36.1 
DNS server: 101.52.23.101 

Would you like to change any of them? Y/N [No] N 



Figure 3-10: Initial Setup — Page One 
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5 On page 2, you are asked if you want to finish configuration using the 
Setup Wizard. 



(page 2 of 5) 

A comprehensive Setup Wizard is available if you use your 
Web browser. You can either use the Web Setup Wizard or 
you can continue the initial configuration using this 
serial console. Note that this serial console initial 
configuration method contains a subset of the 
configuration options available in the Web Setup Wizard. 

Would you like to use the ProxySG Web Setup Wizard? Y/N 
[No] N 

Figure 3-1 1 : Initial Setup — Page Two 

If you choose to use the Setup Wizard, go to "Configuring the SG 8100 
Using the Setup Wizard" on page 50. 

6 On page 3, enter a console username and a console and enable password. 
A default username (admin) is already in place — change it for stronger 
security. 

Usernames and passwords can each be from 1 to 64 characters in length. 
Passwords that contain special characters (such as an exclamation point) 
must be in quotes. 
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(page 3 of 5 ) 

Press <ESC> at any time to return to the main menu 
DIRECTIONS : 

The console username, password and enable password are 
special administrative credentials which can be used 
to log in to the command line interface or web 
management interface. 

WARNING - The console password and enable password are 
not defined. The system cannot start up until these are 
defined. 

You must configure the console user account now. 

Enter console username [admin] : namel23 
Enter console password: ''******" 

Verify console password: "******'' 

Enter enable password: "******'' 

Verify enable password: "******'' 



Figure 3-1 2: Initial Setup — Page Three 

7 (Optional) For maximum security, secure the serial port. 

The serial port allows you to configure and access the ProxySG using a 
serial cable. This can pose a security risk because anyone with access to 
the appliance can reconfigure the ProxySG settings. This optional step sets 
a password for the serial console setup, allowing only authorized 
personnel the ability to reconfigure the appliance. 



WARNING! If you set the serial console password and then lose the 
password, you must restore the appliance to its original 
factory defaults to access the Management Console or CLI 
(see Resetting the SG200 to Its Factory Defaults on page 
46). 
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Do you want to secure the serial port? Y/N [Yes] Y 
Enter setup password: "******'' 

Verify setup password: "***★**" 

WARNING: 

If you continue and enable the secure serial port it 
will not be possible to enter the setup console without 
the setup password. If the setup password is lost, 
assistance from Blue Coat Systems will be required and 
all system configuration may be lost. It is 
recommended that this password be stored in a 
physically secure location. Access to the CLI on the 
serial port will challenge for credentials. 

To enable the secure serial port, re-enter the setup 
password: "•******" 



Figure 3-13: Initial Setup — Secure the Serial Port (Optional) 
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8 (Optional) On page 4, you can restrict access to the SG 8100. 



Note: For maximum security, restrict physical access to the SG 8100. 



(p a g e 4 of 5) 

Press <ESC> at any time to return to the main menu 
DIRECTIONS : 

The console username and password are special: they 
can be used to log in to the CLI or Web Management 
interface even in circumstances where this is denied 
by VPM or CPL policy. This makes the console account 
useful in emergencies, as a way to log in when policy 
is broken, but it may also create a security hole. 

To close the security hole, we recommend that you 
restrict the use of the console account to specific 
workstations, identified by their IP address. 

This dialog allows you to add one IP address to the 
list of workstations that are authorized to use the 
console account. (This same list is also used to 
restrict which workstations can use SSH with RSA 
authentication.) Additional workstations may be 
configured later, from the command line interface or 
the Web interface. 

WARNING: The console account can currently be used to 
log in from any workstation. 

Would you like to restrict access to an authorized 
workstation? Y/N [Yes] Y 

Authorized workstation [ 0 . 0 . 0 . 0 ] : 10 . 2 . 33 . 1 

Figure 3-14: Initial Setup — Page Four 

Page 5 displays. This page explains how to access the Proxy SG from an 
SSH Client or with a Web browser. See " Logging on to the SG 8100 " on 
page 52 for more information. 
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(pag e 5 of 5) 

DIRECTIONS : 

The ProxySG Appliance has been successfully configured 
to use IP address: "10.25.36.47" 

You can connect to the command line interface or Web 
interface to perform additional management tasks. 

To connect to the command line interface, open the 
following location from your SSH application: 
10.25.36.47 

To connect to the Web management interface, go to the 
following location with your web browser: 
https:// 10. 25. 3 6. 47: 8082/ 

CONFIGURATION COMPLETE 

Press "enter" three times to activate the serial console 



Figure 3-15: Initial Setup — Page Five 

9 To log in to the serial console right away, press <Enter> three times. 

A menu displays offering two choices: 

1) Command Line Interface 

2) Setup Console 

10 Access the CLI or Management Console: 

• Enter l in the serial console menu to select the CLI. 

See " Logging on to the SG 8100 CLI " on page 54 for information about 
using the ProxySG CLI. 

• To access the ProxySG Management Console, enter the following 
address into your Web browser: 

https : / / proxysg_IP : 8082/ 

where proxysg_IP is the IP address that you configured for this 
ProxySG. 

See '‘Logging on to the SG 8100 CLI " on page 54 for more information 
about accessing the ProxySG. 
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When you have set the basic networking parameters and connected the 
ProxySG to the network, you are ready to fully configure the appliance. For a 
list of all CLI commands, refer to the Blue Coat ProxySG Command Line 
Reference. For information about configuring and administering the ProxySG 
(including information about setting policies that will explicitly grant or deny 
proxied transactions), refer to the Blue Coat ProxySG Configuration and 
Management Guide Suite. 
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Configuring the SG 8100 Using the Setup Wizard 



Note: The following procedure is for 8100 Appliances running SGOS 
5.x or later. 



1 Complete the procedure described in " Installing the SG 8100" on page 11 

2 Power on the ProxySG. 

3 Enter the following URL into your browser: 
https :/ /proxy sg.bluecoat. com: 8083/. 

A security warning dialog appears. 



Note: It is safe to click Yes or OK in this dialog because the ProxySG 
system is directly connected to your PC. For more information 
about this warning dialog, see A Security Warning Appears for 
the Initial Configuration Web Page on page 46. 

The appearance of the dialog varies depending on the browser 
that you use. 



4 Click Yes (or OK) in the dialog. 



Note: If you do not see the warning dialog or if you cannot connect to 
the Setup Wizard, reset the ProxySG to its factory defaults. See 
Chapter 5:Troubleshooting. 
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When the appliance connects, the Setup Wizard displays, as shown in the 
following figure. 



Blue£*3Coat 



ProxySG Setup Wizard 



Introduction 

Security 

Network 

App Delivery Network 

Services 

Finish 



Introduction > Welcome 


Welcome 


Welcome to the ProxySG Setup Wizard. 


Confirm the identitity of 
Model Number: 
Serial Number: 

OS Version: 

MAC Address: 


your ProxySG appliance. 






This screen w 


'ill display your 



appliance’s identifying information here 



Figure 3-16: The Setup Wizard 

5 Enter information on each screen, as prompted. 

Each page is described; some pages include mouse-over help. If you 
entered network settings from the serial console, they are already filled in. 
To complete the Setup Wizard you must: 

a. Enter the console access information. 

b. Enter the CLI Enable password. 

c. (Optional but highly recommended) Secure the serial port. 

d. Enter the network settings: 

❖ IP Address 

❖ Subnet Mask 

❖ Gateway 

❖ DNS Server 

e. (Optional) Configure the Application Delivery Network 
(ADN) settings. The ADN settings optimize the delivery of 
applications over the WAN. 
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f. Select the traffic types that the appliance should intercept. 

g. Set the initial policy. 

h. Confirm the settings and click Configure. 



Note: The Web-based wizard is available only for initial appliance 

configuration (or following a reset to factory defaults). After you 
click Configure during the final step, the wizard is no longer 
available. 



Logging on to the SG 8100 

Once the SG 8100 is configured, the LCD begins to cycle through and display 
various messages, such as CPU Utilization and Proxied Traffic. 

After you have completed the initial configuration and connected the SG 8100 
to the network, you must log on to the SG 8100 to fully configure the 
appliance. There are two ways to do this. 

• Use a browser to access the SG 8100 Management Console Web interface. 

• Use a direct serial connection or an SSH client to access the SG 8100 
command-line interface (CLI). 

Logging on to the SG 8100 Management Console 

The Management Console is a graphical interface for configuring and 
managing all aspects of the SG 8100. You can log on to the Management 
Console using a browser. 

To Log on to the Management Console Using a Browser: 

1 Start the SG 8100. 

2 Open a browser. The SG 8100 supports Microsoft® Internet Explorer 6.0, 
Netscape® Communicator 7.2, and Firefox 1.0. 

3 Enter the IP address configured during initial configuration, followed by 
the port number 8082. For example, enter https : / / 1 0 . 25. 36. 47:8082. 
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A security warning dialog appears. 

4 If you are satisfied that this certificate was generated from the correct 
appliance, click Yes or OK in the security warning dialog. 

An Enter Network Password dialog appears. 

5 Enter a username and password in the Enter Network Password dialog. If 
the username has not been changed, the default is admin. The password is 
the one you entered during initial configuration. 

The SG 8100 home page displays. 

6 Click the Management Console link from the top of the list on the left. 

The Management Console page displays. 



Configuration 



9 General 

I '.'te. Id e ntific at ioH 
Clock 

* Network 
® Services 

® External Services 
® Health Checks 
<* Authentication 
® Policy 

* Content Filtering 

* Forwarding 
® SSL 

9 Access Logging 



General 

Unique name for this ProxySG Appliance: 

Name: 1 1 0.25.36.47 - Blue Coat SG8000 Series 



Serial number of Ihe ProxySG Appliance: 
Serial number: j 8000 



Apply | Cancel | Help 



Figure 3-17: The Management Console Page 



7 Navigate among Configuration, Maintenance, and Statistics by clicking 
one of the three tabs near the top of the screen; click the links on the left to 
select a configurable component. Click the Help button on any screen to 
display information for that screen. 

The online Help contains the complete text of the Blue Coat ProxySG 
Configuration and Management Guide Suite. Once you are in the online 
Help, use the TOC (Table of Contents) and Index links to navigate through 
the manual. 
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Logging on to the SG 8100 CLI 

You can connect to the SG 8100 CLI using a direct serial connection or an SSH 
client, such as PuTTY or F-Secure. To connect to the ProxySG CLI using Telnet, 
you must first enable the Telnet-Console. Refer to the Managing Port Services 
section of the Blue Coat ProxySG Configuration and Management Guide Suite. 



Note: The CLI uses two passwords: The console password is required 
to establish a connection to the interface, and the enable 
password can be set to restrict access to the privileged mode 
configuration options. If you forget the username or password, 
you can reset them using either the front panel control buttons 
and LCD or a serial terminal or PC. 



To Connect to the SG 8100 CLI Using a Direct Serial Connection: 

1 To set up the serial connection, complete steps 1 through 3 in the section 

" Configuring the SG 8100 Using a Direct Serial Port Connection" on page 34. 

The following text displays: 

Welcome to the ProxySG Appliance Serial Console 

Version: SGOS 4. 1.0.1, Release id: 22527 

MENU 

Executing image: Version: SGOS 4.1.0. 1, Release id: 22527 

1) Command Line Interface 

2) Setup Console 



Enter option: 

Figure 3-18: Serial Connection Login Page 

2 Enter 1 to select the Command Line Interface option. 

3 Enter the username and password when prompted. If the username has 
not been changed, the default is admin. The password is the one you 
wrote down or configured during initial configuration. 
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4 At the command prompt, enter enable, then enter the enable password 
that you wrote down or configured during initial configuration: 

SGOS>enable 

Enable Password: 

SGOS# 

You are now in privileged mode. 

5 At the privileged-mode command prompt, enter the configure 
terminal to configure SG 8100 settings: 

SGOS#configure terminal 

Enter configuration commands, one per line. End with CTRL-Z . 
SGOS# (config) 

When you have set the basic networking parameters and connected the SG 
8100 to the network, you are ready to fully configure the appliance. For a list 
of all CLI commands, refer to the Blue Coat ProxySG Command Line Interface 
Reference. For information about configuring and administering the SG 8100 
(including information about configuring explicit or transparent proxies for 
the SG 8100), refer to the Blue Coat ProxySG Configuration and Management 
Guide Suite. 

To Connect to the SG 8100 CLI Using an SSH Client: 



Note: You must already have an SSH Client installed before you 
proceed with the steps below. 



1 Start the SG 8100. 

2 Launch your SSFI Client — enter the following settings as necessary: 

• The IP address that you configured during initial configuration. 

• A port number, if necessary (Port 22 is the default). 

• The username and password. If the username has not been changed, 
the default is admin. The password is the one you wrote down or 
configured during initial configuration. 
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3 At the command prompt, enter enable, then enter the enable password 
that you wrote down or configured during initial configuration: 

SGOS>enable 

Enable Password: 

SGOS# 

You are now in privileged mode. 

4 At the privileged-mode command prompt, enter the configure 
terminal command to access the SG 8100 privileged-mode configure 
commands: 

SGOS#configure terminal 

Enter configuration commands, one per line. End with CTRL-Z. 
SGOS# (config) 

When you have set the basic networking parameters and connected the SG 
8100 to the network, you are ready to fully configure the appliance. For a list 
of all CLI commands, refer to the Blue Coat ProxySG Command Line Interface 
Reference. For information about configuring and administering the SG 8100 
(including information about configuring explicit or transparent proxies for 
the SG 8100), refer to the Blue Coat ProxySG Configuration and Management 
Guide Suite. 



56 



Blue Coat SG 8100 



Configuring a Front-Panel PIN 

The front panel allows you to reconfigure the initial settings of the SG 8100, 
which can represent a security risk. Setting a front-panel PIN limits access to 
authorized personnel only. 

This procedure is only available through the CLI — you cannot set a 
front-panel PIN through the Management Console. 

To Configure a Front-Panel PIN: 

1 Connect to the SG 8100 CLI and access the privileged-mode configure 
commands (see "Logging on to the SG 8100 " on page 52). 

2 From the privileged mode command prompt, change the SG 8100 front 
panel PIN by entering one of the following commands: 

SGOS# (config) security front-panel-pin PIN 

-or- 

SGOS# (config) security hashed-f ront-panel-pin hashed_PIN 

where pin is an unhashed PIN and hashed_PiN is a PIN in hashed 
format. After entering one of these commands, anyone who attempts to 
configure the SG 8100 through the front panel will be prompted to enter 
the PIN. 



Note: The front-panel PIN commands are hidden commands. If you 
enter the commands listed above and receive an unrecognized 
command message, enter the following command and try again: 

SGOS# (config) reveal-advanced all 
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Configuring the Front-Panel LCD Behavior 

The front-panel LCD dims after 30 seconds by default. This behavior is 
configurable — you can set the LCD to remain lit at all times, to dim after a 
specified length of time, or to flash (the flash setting can be helpful if you need 
to find one SG 8100 in a room full of them). 

The front-panel LCD cannot be configured through the Management 
Console — you must use the CLI. 

To Configure the Front-Panel LCD through the CLI: 

1 Open a terminal session with the SG 8100; at the standard-mode 
command prompt, enter enable and your privileged-mode password. 

SGOS>enable 

Enable Password: ****** 

SGOS# 

2 At the privileged-mode command prompt, enter the configure 
terminal command to access the privileged mode configure commands: 

SGOS#configure terminal 

SGOS# (config) 

3 At the (config) prompt, enter the front -panel command to access the 
front-panel mode commands and to configure the front-panel LCD 
behavior. 

SGOS# (config) front -panel 
SGOS# (config front-panel) 

SGOS# (config front-panel) backlight flash 

SGOS# (config front -panel) backlight state (off | on | timeout} 
SGOS# (config front-panel) backlight timeout seconds 
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where: 



flash 




Configures the LCD to flash. When set, the LCD 
continues to flash until the user presses a front panel 
button or the setting is changed through the CLI 
command no backlight flash. 

The flash setting can overwrite the backlight state 
setting. 


state 


off 


Configures the LCD to always remain off when the 
SG 8100 is powered on. This is the default behavior. 


on 


Configures the LCD to always remain lit when the 
SG 8100 is powered on. 


timeout 


Configures the LCD to dim after a specified 
number of seconds. Use the backlight 
timeout seconds command (described below) 
to specify the number of seconds. 


timeout 


seconds 


Specifies the number of seconds that the LCD 
remains lit without activity. The backlight 
state timeout command specifies an LCD 
timeout; this command specifies the number of 
seconds before dimming occurs. 
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Chapter 4: Maintaining and Upgrading the SG 8100 



The sections in this chapter provide the details for maintaining and upgrading 
the Blue Coat SG 8100 hardware, as follows: 

• Hot-Szvapping a Disk Drive 

• Hot-Szvapping a Pozver Supply 

• Option Upgrade Cards 

Hot-Swapping a Disk Drive 

Hot-swapping a disk drive is a two-step process — you must take the disk 
offline before removing it. Except for the disk used to boot the system (the 
disk located in drive bay 1), disk drives can be removed and replaced 
separately, without powering off the SG 8100. (Doing a hot swap of the disk 
used to boot the system can result in a loss of configuration.) 

For initial installation of disk drives, see " Initial Installation of the Disk Drives" 
on page 18. 

Taking a Disk Offline 

Before you remove a hot-swappable disk, you must take that disk offline. You 
can do this using either the SG 8100 Management Console or the CLI. 

Take a Disk Offline Using the Management Console: 

1 Go to the SG 8100 home page — open a browser and enter the SG 8100 
HTTPS IP address followed by a colon and port number 8082, as follows: 

https : / / ip_address : 8082 . 

2 Click Yes in the Security Alert dialog; enter your username and password 
and click OK in the Enter Network Password dialog. 

3 Click the Management Console link in the SG 8100 home page that appears. 

4 In the Management Console page that appears, select the Statistics tab, 
then click General and select Disks 1-8. 

5 Click the icon of the disk that you want to take offline in the Disks 1-8 
pane. 
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Health: 



Statistics 



Health 
► General 

System Usage 
Active Sessions 
HTTP/FTP History 
CIFS History 
MAPI History 
Byte Caching History 
P2P History 
IM History 
SSL History 
Streaming History 
SOCKS History 
Shell History 
Resources 
Efficiency 
Contents 
Event Logging 
Bandwidth Mgmt. 
Access Logging 
Failover 
Advanced 



Summary | Environment Disks 1-8 | SSL Cards | 

Disk in slot 1 

Vendor: SEAGATE Product: ST3300007LC 

Revision: 0003 Disk SN: 3KR01EGW 

Capacity: 300 gigabytes Status: PRESENT 



Select disk 
to view: 



| Take disk 1 offline 





Click the icon 
of the disk you 
want to take 
offline 



Figure 4-1 : Using the Management Console to Take a Disk Offline 

6 Click the Take disk # offline button, where # is the number of the disk 
selected (this button will be grayed out if the disk selected is not currently 
online). 

7 Click OK in the Take disk offline dialog that displays. 

8 Close the Management Console. 

9 Make sure that the disk drive is offline before you remove it — the front 
panel disk drive LED corresponding to that drive will flash between 
amber and green at a regular interval when it is offline. See "Removing and 
Replacing a Hot-Swappable Disk Drive" on page 63, for removal 
instructions. 

Take a Disk Offline Using the CLI: 

1 Open a terminal session with the SG 8100; enter your password at the 
prompt. 

2 At the command prompt, enter enable and enter your privileged-mode 
password at the prompt. 

3 At the privileged-mode command prompt, enter the following command: 
SGOS#disk offline disk_number 

where disk_number is the number of the disk that is going offline (a 
number from 2 to 8). 
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4 Make sure that the disk drive is offline before you remove it — the front 
panel disk drive LED corresponding to that drive will flash between 
amber and green at a regular interval when it is offline. See Removing and 
Replacing a Hot-Swappable Disk Drive, below, for removal instructions. 

Removing and Replacing a Hot-Swappable Disk Drive 

Use the following procedure to hot-swap a disk drive (remove and replace it 
without powering off the SG 8100). 



Important: Always take a disk drive offline before removing it (see 
Taking a Disk Offline starting on page 61). 



1 Open the front panel of the SG 8100 and note the drive bay number of the 
disk to be swapped. 

2 Release the disk lever and remove the disk drive: hold the disk lever up 
(the black latch on top of the disk) and carefully pull the disk drive 
towards you. 

3 Insert and seat the replacement disk drive in the same orientation as the 
drive you just removed. To insert the disk drive, hold the disk lever up, 
align the disk drive with the guide rails at the top and the bottom of the 
bay, and carefully insert the disk drive. 

4 When the disk lever meets the frame of the unit, push the lever down 
slowly until the lever locks in place. 

When the new disk is connected, the corresponding disk drive LED is 
solid green to show that power has been established. When activity is 
detected on the disk drive, the Disk Drive LED is either solid amber or 
flashes between green and amber at an irregular interval. If the Disk 
Drive LED flashes amber at a regular interval, either the connection is 
faulty or the disk drive is bad. 
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Hot-Swapping a Power Supply 

The SG 8100 comes with two AC or three DC hot-swappable power supplies. 
Each power supply is equipped with a separate power connector. This 
permits each power supply to be separately removed and replaced without 
requiring that the unit be powered off. 



Important: Be careful as you insert the power supply. The guiding 
prongs on the power supply can easily be bent if the 
power supply is inserted too quickly or at the wrong angle. 



Check for a Faulty Power Supply 

Before you hot-swap a power supply, make sure that you know which one is 
faulty. 

1 Go to the SG 8100 home page: open a browser and enter your SG 8100 IP 
address followed by a colon and port number (for example: 

https : / / ip_address : 8082 ). 

Click Yes in the Security Alert dialog, enter your username and password 
and click OK in the Enter Network Password dialog. 

2 Click the Management Console link in the SG 8100 home page that appears. 

3 Select the Statistics tab, then click General and select Environment. 

The Environment pane displays. 

4 Click the View Sensors button. 

The Sensor Statistics window opens, detailing the status of system 
functions. The example shown in Figure 4-2 indicates that the AC Power 
Supply 2 is faulty. 
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Sensor Name 


Reading 


Status 


Motherboard temperature 


27.8 C 


OK 


Power supply cage temperature 


: |22.0 C 


OK 


CPU 1 temperature 


47.5 C 


OK 


CPU 2 temperature 


44.0 C 


OK 


Fan 3 speed 


4322.8 PPM OK 


Fan 4 speed 


[4333.2 RPM OK 


Fan 5 speed 


4255.2 RPM OK 


Power supply 1 fan 1 status 




OK 


Power supply 1 fan 2 status 




OK 


Power supply 2 fan 1 status 




OK 


Power supply 2 fan 2 status 




OK 


CPU 1 fan speed 


J6060.4 RPM OK 


CPU 2 fan speed 


6136.0 RPM OK 


+3.3V bus voltage 


3.33 volts 


OK 


+5V bus voltage 


|5. 10 volts 


OK 


+12V bus voltage 


|l2. 15 volts 


OK 


CPU 1 core voltage 


|l.49 volts 


OK 


CPU 1 +2.5V bus voltage 


|2.54 volts 


OK 


CPU 2 core voltage 


1 1.46 volts 


OK 


CPU 2 +2.5V bus voltage 


|2.60 volts 


OK 


Power supply 1 status 




OK 


Power supply 2 status 




OK 



If a power supply is bad, 
this will read “No Power” 



Figure 4-2: Sensor Statistics Window Indicating a Faulty AC Power Supply 



Hot-Swapping an AC Power Supply 

A SG 8100 with two AC power supplies needs only one of the power supplies 
to function. The second power supply provides redundancy and can be 
removed without affecting system operation. 

1 Disconnect the power cord to the faulty power supply that will be 

replaced. Power Supply 1 is below Power Supply 2 (see Check for a Faulty 
Power Supply, above, to determine which power supply is faulty). 
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2 



Loosen the power supply screw. 

Power supply handle 




Powersupply 

screw 



supply tab 



Figure 4-3: Hot-Swappable AC Power Supply 



3 Push the power supply tab in toward the left and at the same time grasp 
the power supply handle and slowly pull out the power supply 



Pull out the 
handle 



Push in the 
tab 




Figure 4-4: Remove a Hot-Swappable AC Power Supply 



4 Carefully insert the new power supply and tighten the power supply 
screw. 
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Hot-Swapping a DC Power Supply 

A SG 8100 with three DC power supplies needs two of the power supplies to 
function. The third power supply provides redundancy and can be removed 
without affecting system operation. 




You must connect the grounding wire included with the SG 
8100 from the DC power supply to an electrically neutral 
ground (described in Step 1, below). 



You must also use a 20A circuit breaker to connect to your 
DC power source as an over-current protection device. 



1 Connect the DC grounding wire (minimum AWG 8 rating) to the ground 
terminal on the side of the SG 8100 DC power supply (use the screws and 
nuts provided); attach the other end to the chassis of your DC power 
source or to another electrically neutral ground. 




grounding wire 
o the ground 
erminal 



Figure 4-5: DC Power Supply Grounding Terminal 
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2 Disconnect the DC power connector to the faulty power supply that will 
be replaced (see "Check for a Faulty Power Supply" on page 64 to determine 
which power supply is faulty). 



Power 

supply 

latch 



Power 

supply 

handle 




Figure 4-6: Hot-Swappable DC Power Supply 



Disconnectthe 
DC power 
connector to 
the faulty 
power supply 



3 Push in the DC power supply latch to the right until it aligns with the 
power supply handle and pull the power supply out slowly. 



Push the 
power supply 
latch toward - 
the power 
supply handle 




Figure 4-7: Remove a Hot-Swappable DC Power Supply 
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4 Carefully insert the new DC power supply. 



A If you use the cables supplied by Blue Coat to reconnect 
the DC power connections to a DC power source, ALWAYS 
connect the yellow DC power cord to a negative DC outlet, 
and connect the black DC power cord to a positive DC 
outlet. 




ALWAYS plug the 
yellow cord to a 
negative outlet 

► 



► 

ALWAYS plug 
the black cord to 
a positive outlet 




5 Insert the DC power connectors into the new DC power supply 
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Option Upgrade Cards 



The Blue Coat SG 8100 comes with four expansion slots; the two left-hand 
slots (labeled Slot 1 and Slot 2) are for network interface cards and the two 
right-hand slots (labeled Adapter 2 and Adapter 3) are for SSL Accelerator 
cards. 




Figure 4.8: I/O Expansion Slots 

The following option upgrade cards are available for installation into the Blue 
Coat SG 8100: 

• SSL Accelerator Card 

• Dual GigE Copper Card 

• Quad GigE Copper Card 

• Quad GigE Fiber LX Card 
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Chapter 5: Troubleshooting 



This chapter describes how to locate and solve common problems. 

System Warning LED Indicates System Malfunction 

The front panel System Warning LED is solid green when the SG 8100 is 
functioning normally. If a minor system malfunction is detected, the System 
LED is solid amber. If a serious malfunction occurs, requiring immediate 
attention, the System Warning LED flashes red. 

To find out what an amber System Warning LED indicates, you must go to the 
Management Console's Environment panel, as follows: 

1 Go to the SG 8100 home page: open a browser and enter your SG 8100 
HTTPS IP address followed by a colon and port number 8082, as follows: 

https : / / ip_address : 8082 . 

Click Yes in the Security Alert dialog, enter your username and password 
and click OK in the Enter Network Password dialog. 

2 Click the Management Console link in the SG 8100 home page that appears. 

3 Select the Statistics tab, then click General and select Environment. 

The Environment pane displays. 

4 Click the View Sensors button. 
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The Sensor Statistics window opens, detailing the status of system 
functions. 



Sensor Name 


Reading 


Status 


Motherboard temperature 


27.8 C 


OK 


Power supply cage temperature 22.0 C 


OK 


CPU 1 temperature 


47.5 C 


OK 


CPU 2 temperature 


44.0 C 


OK 


Fan 3 speed 


4322.8 PPM OK 


Fan 4 speed 


4333.2 KPM OK 


Fan 5 speed 


4255.2 RPM OK 


Power supply 1 fan 1 status 




OK 


Power supply 1 fan 2 status 




OK 


Power supply 2 fan 1 status 




OK 


Power supply 2 fan 2 status 




OK 


CPU 1 fan speed 


6060.4 PPM OK | 


CPU 2 fan speed 


6136.0 KPM OK 


+3.3V bus voltage 


|3. 33 volts 


OK 


+5V bus voltage 


|5. 10 volts 


OK 


+12V bus voltage 


12.15 volts 


OK 


CPU 1 core voltage 


1.49 volts 


OK 


CPU 1 +2.5V bus voltage 


|2. 54 volts 


OK 


CPU 2 core voltage 


1 1.46 volts 


OK 


CPU 2 +2.5V bus voltage 


|2.60 volts 


OK 


Power supply 1 status 




OK 


Power supply 2 status 




OK 



If a fan is bad, this 
will read “Fan Slow” 



Figure 5-1 : Sensor Statistics Window (Example of Faulty CPU Fan Shown) 

Testing the SG 8100 

If you suspect a problem with the SG 8100, test its operation and connection 
using the CLI. Use the ping and traceroute commands to test the network 
connection. From enable mode, use the test command to retrieve an object or 
to run a loopback test to verify that the device is operational. Refer to the Blue 
Coat ProxySG Command Line Interface Referenced information on these 
commands. 

Cannot Access the Serial Console 

When connecting to the serial console, you must configure the terminal 
emulator for the correct settings. You can connect to the serial console by 
using a terminal, a terminal server, or a computer running a terminal 
emulator. For detailed instructions on connecting the terminal, see "Using the 
Front Panel to Configure Basic Network Settings " on page 32 or "Configuring the 
SG 8100 Using a Direct Serial Port Connection " on page 34. 
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CLI Session Times Out 



A Telnet session to the CLI remains open as long as there is activity. If you 
leave the session idle, the connection will eventually time out and you will 
have to reconnect. The default timeout is five minutes. You can set the 
timeout by using the line-vty command in-configure mode, as follows: 

SGOS# (config) line-vty 

SGOS# (config line-vty ) timeout minutes 
SGOS# (config line-vty ) exit 



CLI Limited to 16 Sessions 

The CLI is limited to 16 active sessions (and one serial console session). If you 
try to connect a 17th session, you receive a message saying that no more 
sessions are available. To connect, you will have to wait for one of the active 
sessions to close. 

Cannot Access the Web Interface 

You can access the SG 8100 Management Console from an Internet browser. If 
the Internet browser fails when attempting to connect to the SG 8100, follow 
these steps to help identify the problem: 

• Verify that you have entered the correct IP address and port (the default 
port is 8082) for the SG 8100 in the Internet browser. The only way to 
verify which address the SG 8100 is using without the Internet browser 
interface is to connect to the serial console and display the network 
configuration. See " Configuring the SG 8100 Using a Direct Serial Port 
Connection" on page 34. 

• Verify that your workstation is configured and working properly by 
connecting to other Internet sites (such as www.bluecoat.com). If your 
browser is configured to use the SG 8100 as a proxy server and there is a 
problem with the SG 8100, this test might fail. 

• If you are accessing a SG 8100 located on a remote network (any segment 
other than the segment where your workstation is attached), verify that 
other servers on that network are accessible. 
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Try pinging the IP address to verify that the SG 8100 is accessible from the 
workstation. If the SG 8100 does not respond to the ping, verify that it is 
operational, as described earlier. 



Web Interface Username and Password Fail 

The Management Console is protected with a username and password. If the 
username and password fail, reset them by using the serial console. See 
" Configuring the SG 8100 Using a Direct Serial Port Connection" on page 34 for 
information on using the serial console. For instructions on resetting the 
username and password, refer to the Blue Coat ProxySG Configuration and 
Management Guide Suite at www.bluecoat.com. 



Web Interface Java Errors Occur 

When you upgrade the Web interface, you must clear the local cache and 
restart the browser to guarantee that the new Java components for the Web 
interface are loaded. Each Web browser handles Java applets in a different 
way. Some browsers do not reload applets until their cache is cleared or until 
the browser is restarted. 

Client Requests Fail 

A failed request for a Web document indicates one of the following: 

• The Web browser is not properly configured for the SG 8100. 

• The SG 8100 cannot access the requested document. 

• The SG 8100 is not properly configured. 

• The SG 8100 is not functioning. 

To isolate client request failures 

• If the SG 8100 is used to access the Internet, and the SG 8100 has been 
working properly, the most likely cause of failed requests is the route 
between the SG 8100 and the Internet or intranet. Before you spend time 
troubleshooting the SG 8100, verify your connection to the Internet by 
using the ping and traceroute commands from the CLI. If you are able 
to ping the destination from the SG 8100, use the test command to verify 
that the device can get the object. For information on the ping. 
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traceroute, and test commands, refer to the Blue Coat ProxySG 
Command Line Interface Reference. If the request fails, try other HTML 
requests to verify that all requests fail. 

• The SG 8100 can be configured to deny access to address groups. If the SG 
8100 is configured for forwarding or filtering, verify that the requested 
address does not match a denied subnet and mask. For information on 
configuring deny settings in the Web interface, refer to the Forzvarding 
chapter in the Blue Coat ProxySG Configuration and Management Guide 
Suite. 

• If your network is not configured for transparency, check the Web 
browser to see if it is by using a Proxy Auto-Configuration (PAC) file for 
auto-configuration. If the Web browser is configured to use a PAC file, 
verify that the address of the PAC file is correct and that the file is 
accessible. If auto-configuration is not being used, check the Web 
browser's proxy configuration. If you are not using transparency, the Web 
browser must be configured for the SG 8100's IP address and port. Refer 
to the Configuring Proxies chapter of the Blue Coat ProxySG Configuration 
and Management Guide Suite for more information. 

• If the ProxySG responds to the ping, verify that the SG 8100's 
configuration is valid. If it is configured to forward requests, verify that 
the server to which the SG 8100 forwards requests is working. If the SG 
8100 is not forwarding requests, check the default gateway address and 
DNS address. 

• If the SG 8100's default gateway address and DNS address are correct, try 
pinging each address from the CLI to verify that the servers are running. 
Be sure to ping the gateway and DNS server from the same network 
segment where the SG 8100 is connected. 

• If the default gateway is accessible, the problem most likely lies outside 
the local network. To verify that the problem is not associated with the SG 
8100, you must configure your workstation for the same gateway address 
as the SG 8100, and configure the Web browser not to use a proxy server 
for HTTP requests. 

Client Responses Are Slow 

If every request from the client results in a slow response, there might be a 

problem accessing a PAC file or the SG 8100. 
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To Isolate Slow Client Responses: 

• Check the Web browser to see if it is using a PAC file for 
auto-configuration. If the Web browser is configured to use a PAC file, 
verify that the address of the PAC file is correct, and the file is accessible. 
Refer to the Blue Coat ProxySG Configuration and Management Guide Suite 
for additional information on by using PAC files. If the PAC file is not 
accessible, the Web browser might attempt to access the PAC file, then 
wait for a timeout before retrieving the object directly. 

• Check the Web browser's proxy address and port. The Web browser must 
be configured for the SG 8100's IP address and port. Refer to the Blue Coat 
ProxySG Configuration and Management Guide Suite for information on 
configuring the clients. If the address or port is not correct, the Web 
browser might attempt to access the SG 8100, then wait for a timeout 
before retrieving the object directly. 

If the correct IP address and port for the proxy server is specified in the 
Web browser, try pinging the IP address to verify that the SG 8100 is 
accessible from the workstation. If the SG 8100 does not respond to the 
ping, verify that it is operational. 

SG 8100 Certificate No Longer Valid if IP Address 
Changes 

If you move the SG 8100 from its original location or change the IP address for 
any reason, the SG 8100's security certificate might not be accepted the next 
time you open the Management Console. This is because the hostname no 
longer matches the hostname on the certificate. You must create a new 
certificate and then edit the HTTPS-Console service to use it. For information 
about creating a new certificate and editing the HTTPS-Console service, refer 
to the "Configuring HTTPS Termination" and "HTTPS Console (Secure 
Console)" sections of the Blue Coat ProxySG Configuration and Management 
Guide Suite. 
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The Proxy SG Does Not Come Back Up After 
Rebooting 

If the appliance is not coming back up after rebooting and the serial port is 
connected to terminal server (terminal concentrator) try the following: 

1 Open an active session on the terminal server, noting any traffic being 
outputted. 

2 Unplug the terminal server from the appliance. 
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Appendix A: Specifications 
Environmental and Electrical 



Dimensions and Weight 

Enclosure (Einschliefiung) 
Height (Hohe) 

Width (Breite) 

Depth (Lange) 

Weight (Gewicht) 


19 in (48.3 cm) rack-mountable 
7.0 in (17.8 cm); 4 rack units 

17.4 in (44.2 cm) 

23.7 in (60.2 cm) 

81.5 lbs (37.2 kg) maximum 


Operating Environment 

Power Input, AC 
(Stromversorgung) 


1 00-240 V, 47-63Hz, 460 Watts (1+1 redundancy) 


Power Input, DC (Optional) 

Temperature 
(Betriebstemperatur) 
Relative Humidity (Relative 
Luftfeuchte) 


-36 VDC to -72 VDC, 650 Watts (n+1 
redundancy) 

Operating: 41° to 104° F (5° to 40° C) 
Non-operating: -40° to 158° F (-5° to 70° C) 
Less than 90% (non-condensing) 


Maximum Altitude 
(Maximale Hohe) 


Operating: Up to 10,000 ft (3.0 Km) 
Non-operating: Up to 15,000 ft (4.6 Km) 


System 

Disk Drives (Festplatte) 

Processors (Prozessor) 
RAM (Speicher) 

Network Interfaces 
(Netzwerk) 

Backplane 


Two to eight Ultra320 10,000 RPM or 15,000 
RPM SCSI Disk Drives. 

Up to two Dual Core AMD64 Opteron 
1 to 16 GB 

Two 10/lOO/lOOOBaseT on-board ports and 
two 10/lOO/lOOOBaseT ports (add-in card). 
Hot-swappable SCSI Ultra 320 


Operating System 


SGOS v3 


Regulations 

Safety (Schutz) 

EMC 


CSA C22.2 No. 60950-1 /UL 60950-1, 
EN60950-1 

FCC Class A, CE Class A, VCCI, BSMI, CCC, 
C-Tick 
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Lasers 



Location of the laser apertures if any (Par. 6.1 3). Example: connectors for 
fiberoptic component. 




UV . VIS . IR-A . IR-B 
CLASS 1 LASER PRODUCT 



Connector 

The port on the Gigabit-LX Module transmits at 850 nm wavelength, and is 
compatible with the IEEE 802.3z Gigabit-LX standard. It accepts multi-mode. 
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Appendix B: Regulatory Statements 



Important: Any modification to this product, unless expressly approved 
by Blue Coat Systems, Inc., could void the user’s authority to 
operate the equipment. 



Class A Digital Warning 

This equipment has been tested and found to comply with the limits for a 
Class A digital device, pursuant to Part 15 of the FCC rules. These limits are 
designed to provide reasonable protection against harmful interference when 
the equipment is operated in a commercial environment. This equipment 
generates, uses, and can radiate radio frequency energy, and if not installed 
and used in accordance with the instruction manual, might cause harmful 
interference to radio communications. Operation of this equipment in a 
residential area is likely to cause harmful interference, in which case the users 
are required to correct the interference at their own expense. 

EC Community EMC Warning 

This is a Class A product. In a domestic environment, this product might 
cause radio interference in which case the user might be required to take 
adequate measures. 

Canadian EC EMC Warning 

This Class A digital apparatus complies with Canadian ICES-003. Cet appareil 
numerique de la class A est conforme a la norme NMB-003 du Canada. 

Australia/New Zealand EC EMC Warning 

This is a Class A product. In a domestic environment, this product might 
cause radio interference, in which case the user might be required to take 
adequate measures. 
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Taiwan BSMI Notification 



T» • te&UftMT ' • 



China CCC Notification 



p w 



Japan VCCI EMC Notification 
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Battery Warning Notification 

CAUTION: Danger of explosion if battery if incorrectly placed. Replace only 
with the same or equivalent type recommended by the manufacturer. Dispose 
of used batteries according to the manufacturer's instructions. 

ATTENTION: II y a danger d'explosion s'il y a remplacement incorrect de la 
batterie. Remplacer uniquement avec une batterie de meme type ou d'un type 
equivalent recommande par le constructeur. Metter au rebut less batteries 
usagees conformement aux instructions du fabricant. 

Connection to ports not defined for normal operation, according to this 
manual, might result in excessive radiated emissions. The user is then 
responsible for all corrective action in the event of any problem. 
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Declaration of Conformity 

Blue£*5Coat 

Declaration of Conformity 

We, Blue Coat Systems 
420 North Mary Avenue 
Sunnyvale, CA 94085 

Declare under our sole responsibility that the products 
Blue Coat Systems model 8100 

to which this declaration relates is in conformity with the following 

standards: 

EN 60950-1: 2001+A11 
EN 55022: 1998+A1:2000+A2:2003 
EN 55024: 1998+A1:2001+A2:2003 

Following the provisions of the 73/23/EEC and 89/336/EEC Directives, 
including the Amending Directive 93/68/EEC. 

Blue Coat Systems model 8100 is also in conformity with the following 

standard: 

Directive 2002/95/EC, Restriction of Hazardous Substances (RoHS). 



Sunnyvale, CA 94085 
Date: July 1, 2006 



420 North Mary Avenue Tim Redjaian 

Sunnyvale, CA 94085-4121 Director of Engineering 

USA 

866.30. BCOAT Toll Free 
408.220.2200 Direct 
408.220.2250 Fax 
www.bluecoat.com 
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Index 



A 

AC power supply 7 
hot-swapping 65 
adapter port LEDs 25-?? 

B 

Blue Coat 

technical support 6 
bridge 

configuring using a serial terminal 
or PC 36 

C 

certificate 

invalid if ProxySG moves or changes 
IP address 76 

CLI 

limited to four sessions 73 
logging on to using a direct serial 
connection 48 

logging on using a direct serial 
connection 54-55 

logging on using an SSH client 55-56 
session times out 73 
client HTML, see HTML 75 
Configuration and Management Guide 
download PDF 5 
configuring the ProxySG 

configuring network settings 32-33 
control button functions 31 
instructions 27-40 
using a serial terminal or PC 34-40 
using front panel LCD and buttons 
28-33 

viewing modes in the LCD 29-30 
configuring the SG200 

using a serial terminal or PC 42M8 
using the Setup Wizard 50 



connection ports 7 
control buttons 
accessing 10 

using for first-time configuration 31 
copyrights 

document ii 

D 

DC power supply 7 
hot-swapping 67 
declaration of conformity 83 
diagnosing system malfunction 71 
disk drives 

aligning with guide rails 19, 20 
hot-swapping 61-63 
installing in the ProxySG 18 
preparing for insertion 19 
removing and replacing 63 
taking offline 61-63 
verifying successful insertion 24 
disk lever 

orientation into drive bay 19 
using to lock disk in place 20 
DNS server, setting and changing 32 
drive bays 

guide rails 19 
inserting disk drives 20 
numbered one - eight 19 
dual fiber SX upgrade cards 7, 70 

E 

equipment rack 

installing the ProxySG into 11-14 
safety instructions 11 

F 

first-time configuration 

using a direct serial connection ??-48 
terminal emulator parameters 



Index 
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42 

forwarding host 

configuring during initial 
configuration 39 
front of the ProxySG 9 
front panel 

bezel tabs 18 
functions 9 
opening 10, 18 
front-panel PIN 
configuring 57 

G 

gigabit Ethernet ports 7 

H 

hot-swapping 

AC power supply 65 
DC power supply 67 
disk drives 61-63 
power supplies 64-69 
HTML 

requests fail 74 
responses slow 75 

I 

IP address, setting and changing 32 
IP gateway, setting and changing 32 
IP subnet mask, setting and changing 32 

J 

Java errors 74 

L 

LAN connector LEDs 25-?? 

LCD 

cursor in 29-30 
modes reflected in 29-30 
LEDs 

checking system status with 22 
description of color and flash rate 
22-24 

disk drive 23 
LAN 23 
power 23 



system warning 23 
system warning diagnostic 71 
logging on 

using a direct serial connection 48 

M 

Management Console 
cannot access 73 
logging on to 52-53 
modes 

automatic exit warning 30 
configuration 29 
edit 30 
status 29 

N 

network cables 
attaching 15 
network interfaces 7 
network upgrade slots 7 

P 

packing list 6 
password 

auto-configuration of 32 
CLI 54 

configuring using a serial terminal 
or PC 37 

configuring using the front panel 33 
failure 74 
PC 

connection problems 34, 41 
using with the ProxySG 34-40 
PCI card slots 7 
ping command 72 
ports 

gigabit Ethernet 7 
serial console 7 
power button 
accessing 10 
power cords 
attaching 15 
power supplies 

AC and/or DC 7 
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hot-swapping 64-69 
insertion warning 17, 64, 67, 69 
powering on and off 21 
Proxy SG 

CLI passwords for 54 
CLI username for 54 
Configuration and Management 

Guide PDF, downloading 5 
configuring for the first time 27-40 
connection ports 7 
control buttons 31 
control buttons, accessing 10 
diagnosing system malfunction 71 
direct serial connection to 34-40 
disk drives, accessing 10 
disk drives, installing 18 
equipment rack, installing into 
11-14 

first- time configuration, overview of 
27 

front panel, opening 10, 18 
invalid certificate 76 
logging on to 52-56 
modes in 29-30 
packing list 6 

power button, accessing 10 
powering on and off 21 
testing 72 

view from the front 9 

S 

safety instructions 

equipment rack 11 
security 

configuring a front-panel PIN 57 
serial console 

cannot access 72 
serial console port 7 
serial port 

securing with a password 37 
serial port password 
securing 45 
serial terminal 

using with the ProxySG 34-40 



using with the SG200 41M8 
setting up the ProxySG, see configuring 
the ProxySG 
specifications 
connector 80 

declaration of conformity 83 
environmental and electrical 79 
lasers 80 

regulatory statements 81-82 
SSL accelerator upgrade cards 7, 70 
system malfunction 
diagnosing 71 

T 

technical support 6 
terminal emulator 35 

direct serial connection parameters 
42 

traceroot command 72 

U 

upgrade cards 

dual fiber SX 7, 70 
insertion slots for 70 
SSL accelerator 7, 70 
username 
CLI 54 

configuring using a serial terminal 
or PC 37 
default 32 
failure 74 

W 

Web interface, see Management Console 
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